awslabs / aws-config-rules

[Node, Python, Java] Repository of sample Custom Rules for AWS Config.
http://aws.amazon.com/config/
Creative Commons Zero v1.0 Universal

Operational-Best-Practices-for-HIPAA-Security.yaml does not allow the no-unrestricted-route-to-igw Rule's routeTableIds Parameter to be set #393

Open pyb4430 opened 1 year ago

pyb4430 commented 1 year ago

Is it intentional that the no-unrestricted-route-to-igw Rule in Operational-Best-Practices-for-HIPAA-Security.yaml has no pass-through parameter for routeTableIds, which in the Rule is defined as a "Comma-separated list of route table IDs that can have routes to an Internet Gateway with a destination CIDR block of '0.0.0.0/0' or '::/0'."? Set me straight if I'm misunderstanding, but in this conformance pack no route tables can be used to connect to the public internet, and there is no way to whitelist a route table for such a purpose? This seems to directly conflict with the AWS HIPAA Compliance Quick Start, which creates route tables connected to an Internet Gateway with a destination CIDR block of 0.0.0.0/0 in order to allow resources in the VPCs to access the internet. That same Quick Start also sets up AWS Config with this HIPAA Conformance Pack (I think it's an outdated version, but the Rule in question is still present), and is in violation of the no-unrestricted-route-to-igw Rule, and there appears to be no way to fix it since the Rule Parameters are locked as part of a Conformance Pack. Am I missing something?
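For reference, this is what a parameter pass-through for that rule can look like in a conformance pack template; it is an added example, not the repository's own YAML, and follows the Parameters / Conditions / Fn::If pattern the conformance packs use for other optional rule parameters. The parameter and condition logical names are assumptions; the input parameter key `routeTableIds` and the managed rule identifier `NO_UNRESTRICTED_ROUTE_TO_IGW` are AWS's own.

```yaml
# Added example: optional routeTableIds pass-through for no-unrestricted-route-to-igw.
# Logical names (NoUnrestrictedRouteToIgwParamRouteTableIds, the Condition name,
# the Resource name) are assumptions; adjust to the pack's naming convention.
Parameters:
  NoUnrestrictedRouteToIgwParamRouteTableIds:
    Type: String
    Default: ''
    Description: >-
      Comma-separated list of route table IDs that are permitted to carry a
      route to an Internet Gateway for 0.0.0.0/0 or ::/0 (e.g. public subnets
      created by the HIPAA Quick Start). Leave empty to allow none.

Conditions:
  # Only pass the parameter to the rule when the deployer actually set it;
  # an empty string would otherwise be handed to the rule as a value.
  noUnrestrictedRouteToIgwParamRouteTableIds:
    Fn::Not:
      - Fn::Equals:
          - ''
          - Ref: NoUnrestrictedRouteToIgwParamRouteTableIds

Resources:
  NoUnrestrictedRouteToIgw:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: no-unrestricted-route-to-igw
      Scope:
        ComplianceResourceTypes:
          - AWS::EC2::RouteTable
      InputParameters:
        routeTableIds:
          Fn::If:
            - noUnrestrictedRouteToIgwParamRouteTableIds
            - Ref: NoUnrestrictedRouteToIgwParamRouteTableIds
            - Ref: AWS::NoValue
      Source:
        Owner: AWS
        SourceIdentifier: NO_UNRESTRICTED_ROUTE_TO_IGW
```

With the parameter left at its default the rule behaves exactly as the current pack does (every route table with a default route to an IGW is NON_COMPLIANT); only the route tables listed explicitly are exempted, so the allow-list is visible in the deployed stack parameters rather than hidden in the template.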